Thursday, August 28, 2014

ACS, radius and management access to ASA

There are a couple of ways to configure management access to the ASA.
One of them is to define the users in the ACS database. Depending on the RADIUS
attributes returned for the user, access can be granted to specific management methods.

As we can see, privileged (enable) mode is accessible to user1. I also changed the default privilege level to 10 with the following attribute:

CVPN3000/ASA/PIX7.x-Privilege-Level=10
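To show what the ASA actually receives from ACS, here is an added example (not from the original post) that builds a constructed RADIUS Access-Accept carrying the Privilege-Level vendor-specific attribute and parses it back out. It assumes the Cisco VPN3000/ASA/PIX dictionary uses vendor ID 3076 and vendor-type 220 for Privilege-Level; check these against your own ACS dictionary.

```python
"""Build and parse a RADIUS Access-Accept carrying the Cisco VPN3000/ASA
Privilege-Level VSA (RFC 2865 attribute 26). Constructed sample data only."""
import struct

ACCESS_ACCEPT = 2
ATTR_VENDOR_SPECIFIC = 26
# Assumed values: vendor ID 3076 (Cisco VPN3000/Altiga) and vendor-type 220
# for Privilege-Level. Verify them against the ACS dictionary in use.
CISCO_VPN3000_VENDOR = 3076
VPN3000_PRIVILEGE_LEVEL = 220

def parse_attributes(payload):
    """Yield (type, value) pairs from the RADIUS attribute area, with length checks."""
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated attribute header")
        atype, alen = payload[i], payload[i + 1]
        if alen < 2 or i + alen > len(payload):
            raise ValueError("bad attribute length")
        yield atype, payload[i + 2:i + alen]
        i += alen

def privilege_level_from_accept(packet):
    """Return the Privilege-Level integer from an Access-Accept, or None if absent.
    The Response Authenticator is not verified here; a real client must check it
    against the shared secret before honouring any returned attribute."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        return None
    for atype, value in parse_attributes(packet[20:]):
        if atype != ATTR_VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor = struct.unpack("!I", value[:4])[0]
        vtype, vlen = value[4], value[5]
        if vendor == CISCO_VPN3000_VENDOR and vtype == VPN3000_PRIVILEGE_LEVEL and vlen == 6:
            return struct.unpack("!I", value[6:10])[0]
    return None

def build_accept(ident, priv_level):
    """Constructed Access-Accept with a zeroed authenticator and one Privilege-Level VSA."""
    vsa = struct.pack("!IBBI", CISCO_VPN3000_VENDOR, VPN3000_PRIVILEGE_LEVEL, 6, priv_level)
    attrs = struct.pack("!BB", ATTR_VENDOR_SPECIFIC, 2 + len(vsa)) + vsa
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    print(privilege_level_from_accept(build_accept(7, 10)))  # 10
```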

Below are the RADIUS messages exchanged during 'enable'. When you
compare the logs from the 'login' and 'enable' processes, you will find they
are identical. The reason is that RADIUS does not use the 'enable'
password, so the authentication looks just like a 'login' (a query for
username/password).